STATE OF MONTANA 
OFFICE OF THE GOVERNOR 
EXECUTIVE ORDER NO. 12-2017 


AMENDED EXECUTIVE ORDER CREATING THE MONTANA INFORMATION 
SECURITY ADVISORY COUNCIL 


WHEREAS, cyber-attacks have increased significantly providing evidence that cyber security 
needs to be strengthened to guard against threats to state information systems; 


WHEREAS, we protect against crimes on our streets, we must also work to defend Montana 
citizen information from cyber threats ranging from identity theft to consumer fraud to threats to 
our physical infrastructure; 


WHEREAS, major cyber-attacks on both public and private systems serve as a warning to all 
levels of government that they must do all that they can to protect critical cyber infrastructure; 


WHEREAS, the significant and continued growth of cyber-attacks against state and local 
governments makes cybersecurity a critical issue for Montana. Recent events have increased the 
need to enhance security programs, processes, and support in this key area of business to protect 
citizen information; and 


WHEREAS, per § 2-15-114, MCA, each department head is responsible for ensuring an 
adequate level of security for all data within their department. 


NOW, THEREFORE, I, STEVE BULLOCK, Governor of the State of Montana, pursuant to 
the authority vested in me as Governor under the Constitution and the laws of the State of 
Montana, Title 10, Chapter 3, MCA, and under other applicable statutes, do hereby issue 
Executive Order No. 12-2017 amending Executive Order No. 05-2015 and providing for the 
creation of the Montana Information Security Advisory Council (hereinafter, “Council”) as 
follows: 


PURPOSE: 
The purpose of the Council is to advise the Governor with respect to a statewide strategic 
information security program. The Council shall: 


e Develop an interagency information security strategy with initiatives, priorities, policies, 
standards, and roles and responsibilities to enhance the State information security 
posture; 

e Recommend resources (funding, people, etc.) and possible methods to obtain them, in 
order to enhance the State information security posture; 

e Provide a yearly information security assessment to the Governor showing program 
successes and shortcomings with a plan to address shortcomings; 


e Establish a communications procedure for receiving input from and sharing information 
with the public and the various agencies; 

e Support a statewide security training program to serve technical and managerial needs; 

e Advise on security requirements in the specifications for solicitation of state contracts for 
procuring information technology resources; 

e Provide technical and managerial assistance relating to information technology security; 

e Recommend appropriate cost-effective safeguards to reduce, eliminate, or recover from 
identified threats to data; and 

e Conduct internal evaluations of the statewide security program. 


The Council may adopt procedures related to its interface with the Information Technology 
Board (ITB) and the Information Technology Management Council (ITMC) and other matters 
that fall within its purpose, as set forth above. The Council’s procedures may not conflict with 
law or any court order, and any procedures adopted by the Council must be approved by the 
Governor. 


COMPOSITION: 
The Council members shall be appointed by and serve at the pleasure of the Governor until 2019. 


The Council shall be comprised of no more than 20 members, representing the various agencies, 
universities, and local governments that have an interest in cyber security. 


The Council members shall be appointed from the following categories: 


State Chief Information Officer 

State Homeland Security Advisor 

MATIC Representative from Department of Military Affairs 
State government agencies 

Universities 

Local governments 

State Legislature 

General public 
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The Governor shall appoint a chair and the Department of Administration (DOA) will provide 
administrative support for the Council. 


The names of the Council members are submitted by separate letter to the DOA. 
The Council may establish procedural bylaws to aid in the performance of its duties. 


The Council may establish subcommittees comprised of members of the Council or their 
representatives to aid it in the performance of its duties. 


This Order is effective immediately. The Council shall exist until June 12, 2019, consistent with 
Executive Order No. 05-2015. 


GIVEN under my hand and the GREAT SEAL of 


the State of Montana this At¥ day of 
_Ocxzoter—_, 2017. 
<—_—~ 
i 
STEVE BULLOCK, Governor 
ATTEST: 


COREY ST APLETON, Secretary of State 


